"LA County Health Services: Patients' Data Exposed in Phishing Attack"

​The Los Angeles County Department of Health Services recently disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in the United States) and is the second largest public health care system in the country after NYC Health + Hospitals. The organization noted that 23 employees had their mailboxes compromised after their credentials were stolen in a February attack. As a result, the attackers gained access to patients' personal and health data stored in the employees' e-mail inboxes. DHS conducted an administrative review and determined that approximately 6,085 individuals' information may have been impacted. Documents and e-mails in the compromised mailboxes included a combination of patients' personal and health information, including first and last name, date of birth, home address, phone number(s), e-mail address, medical record number, client identification number, dates of service, medical information (e.g., diagnosis/condition, treatment, test results, medications), and/or health plan information. Affected individuals may have been impacted differently, and the data stored in the breached e-mail inboxes did not include Social Security Numbers (SSNs) or financial information.

BleepingComputer reports: "LA County Health Services: Patients' Data Exposed in Phishing Attack"